--- /dev/null
+gzip (1.3.2-3woody3) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Revert patches for zdiff and znew since the use of 'set -C' should
+ indeed be sufficient.
+
+ -- Martin Schulze <joey@infodrom.org> Thu, 4 Nov 2004 12:55:03 +0100
+
+gzip (1.3.2-3woody2) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Applied Trustix patch to correct insecure temporary file use in zdiff
+ and znew [zdiff.in, znew.in, CAN-2004-0970, Bugtraq Id 11288]
+
+ -- Martin Schulze <joey@infodrom.org> Sun, 31 Oct 2004 20:02:13 +0100
+
+gzip (1.3.2-3woody1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team
+ * Fix multiple instances of insecure temporary files
+ - gzexe.in (CVE-1999-1332), which became un-fixed sometime since potato
+ - znew (CAN-2003-0367)
+
+ -- Matt Zimmerman <mdz@debian.org> Sat, 31 May 2003 17:41:06 -0400
+
+gzip (1.3.2-3) unstable; urgency=low
+
+ * modify gzexe.in to hard-code /bin/gzip instead of trying to use BINDIR
+ which yields /usr/bin/gzip. Don't use PATH since we have no idea what it
+ might be when the gzexe'd executable gets run. Closes: #119641
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 14 Nov 2001 23:00:59 -0700
+
+gzip (1.3.2-2) unstable; urgency=low
+
+ * fix silly mistake made when moving man pages from hard to soft links, so
+ man pages for zegrep, zfgrep, and uncompress work again, closes: #118325
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 5 Nov 2001 00:53:40 -0700
+
+gzip (1.3.2-1) unstable; urgency=low
+
+ * new upstream release, incorporating my diffs to 1.3.1
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 4 Nov 2001 09:47:40 -0700
+
+gzip (1.3.1-2) unstable; urgency=low
+
+ * add build dependencies on autoconf and automake
+ * fix infodir spec so we install in the build tree, not the system directory
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 3 Nov 2001 02:18:06 -0700
+
+gzip (1.3.1-1) unstable; urgency=low
+
+ * new upstream version! From alpha.gnu.org, on the explicit advice of the
+ current upstream maintainers, who are working with Debian to prepare a new
+ stable release that addresses many of the open issues in our BTS.
+ .
+ large file support handled in configure, closes: #108612, #83061, #113000
+ it appears the subtle problem with concatenation is fixed, closes: #114591
+ various segfault problems appear fixed, closes: #46312
+ gzip -r issues fixed, closes: #53645, #106186
+ problem with --no-filename option fixed, closes: #59067
+ zgrep -r disallowed - "I did not use the patch as it was not a complete
+ . fix for the problem and I thought it would cause more problems than
+ . it would cure. Instead, I simply disallowed zgrep -r", closes: #81288
+ error message reworded, closes: #76238
+ compression factor output fixed, closes: #80362
+ zgrep -H fixed, closes: #84371
+ permission issue when forced to compress linked file fixed, closes: #88918
+ manpage hardlinks fixed, closes: #94733
+ gzip --help now goes to stdout, closes: #97020
+ zless no longer runs less if file doesn't exist, closes: #109097
+ problem with -best fixed, closes: #17650
+ zgrep now understands --, closes: #28475
+ file size output by gzip fixed for large files, closes: #40721
+ * fix location referenced for GPL on Debian systems, closes: #112095
+ * move install-info remove call from from postrm to prerm
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 3 Nov 2001 01:01:02 -0700
+
+gzip (1.2.4-33) unstable; urgency=low
+
+ * update to current policy
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 2 Dec 1999 01:10:58 -0700
+
+gzip (1.2.4-32) unstable; urgency=low
+
+ * update prototype for and definition of basename function for compatibility
+ with glibc2.0, still in use on m68k. Closes: #45058
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 15 Sep 1999 02:01:47 -0600
+
+gzip (1.2.4-31) unstable; urgency=medium
+
+ * fix problems I induced while merging the upstream patch in the last upload,
+ most notably omitting zless from the package.
+ Closes: #44883, #44885, #44890, #44882, #44887, #44895, #44896
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 12 Sep 1999 12:06:00 -0600
+
+gzip (1.2.4-30) unstable; urgency=low
+
+ * upstream patch, closes: #28872
+ 1998-11-18 Paul Eggert <eggert@twinsun.com>
+ gzip.c (get_method): Don't complain about trailing zeros at
+ the end of a gzipped file, as they're commonly appended to fill
+ out a block (e.g. by GNU tar).
+ * update to FHS compliance
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 10 Sep 1999 21:34:07 -0600
+
+gzip (1.2.4-29) unstable; urgency=low
+
+ * apply patch from Vincent Renardias that improves behavior when trying to
+ decompress a corrupted .gz file. Closes 7472, 16385
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 27 Jan 1999 20:50:12 -0700
+
+gzip (1.2.4-28) frozen unstable; urgency=medium
+
+ * patch zforce to make it work at all, closes 22760
+ * patch to fix decompression of concatenated gzip files, closes 30537
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 22 Jan 1999 10:43:09 -0700
+
+gzip (1.2.4-27) frozen unstable; urgency=low
+
+ * patch from Jean-loup (upstream maintainer) for zgrep.in to fix the
+ problems with -A and -B successfully passing to grep. Closes 21209.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 25 Apr 1998 22:47:15 -0600
+
+gzip (1.2.4-26) frozen unstable; urgency=low
+
+ * fix FSF address in copyright file, lintian now reports no errors
+ * minor tweak to Makefile to fix warnings during dh_installmanpages run
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 24 Mar 1998 00:40:48 -0700
+
+gzip (1.2.4-25) frozen unstable; urgency=low
+
+ * update znew.in and zdiff.in to do save tempfile handling, closes 19794
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 21 Mar 1998 23:48:26 -0700
+
+gzip (1.2.4-24) unstable; urgency=low
+
+ * minor fix for complaints about short files, closes 19159
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 11 Mar 1998 02:21:50 -0700
+
+gzip (1.2.4-23) unstable; urgency=high
+
+ * respond to security advisory from Alan Cox via Christian Hudon, fixes
+ an obscure possibility to get gzip to execute code
+
+ -- Bdale Garbee <bdale@gag.com> Wed, 11 Mar 1998 02:16:59 -0700
+
+gzip (1.2.4-22) unstable; urgency=high
+
+ * gzexe modified to use tempfile in response to security advisory
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 31 Jan 1998 14:30:20 -0700
+
+gzip (1.2.4-21) unstable; urgency=low
+
+ * fix from the upstream maintainer for voluminous "Broken Pipe" messages
+ when using 'zgrep -l' or equivalent. Closes bug 15178.
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 4 Jan 1998 00:56:21 -0700
+
+gzip (1.2.4-20) unstable; urgency=low
+
+ * freshen rules file to match current debhelper
+ * improve handling of undocumented executables. Closes bug 13578.
+
+ -- Bdale Garbee <bdale@gag.com> Sun, 4 Jan 1998 00:56:21 -0700
+
+gzip (1.2.4-19) unstable; urgency=low
+
+ * change dependency to Pre-Depends, to keep dpkg from getting hosed during
+ libc6 upgrades. Closes 15091.
+ * switch from debmake to debhelper. In the process, closes 15412.
+
+ -- Bdale Garbee <bdale@gag.com> Mon, 8 Dec 1997 23:42:49 -0700
+
+gzip (1.2.4-18) unstable; urgency=low
+
+ * don't install INSTALL in the doc directory, closes bug 13224.
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 15:06:35 -0600
+
+gzip (1.2.4-17) unstable; urgency=low
+
+ * fix distribution problem in changelog file
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 5 Sep 1997 15:06:35 -0600
+
+gzip (1.2.4-16) stable frozen unstable; urgency=low
+
+ * libc6
+ * tweaks to rules file to install Changelog, closes bug 12488
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 4 Sep 1997 22:46:28 -0600
+
+gzip (1.2.4-15) stable frozen unstable; urgency=low
+
+ * fix minor security issue - race condition reported on bugtraq list
+ * rework debian/rules to build with debugging then strip
+
+ -- Bdale Garbee <bdale@gag.com> Fri, 14 Mar 1997 21:14:44 -0700
+
+gzip (1.2.4-14) stable frozen unstable; urgency=medium
+
+ * The -13 upload was built against a libc5 too new for 'stable'.
+
+ -- Bdale Garbee <bdale@gag.com> Thu, 28 Nov 1996 11:37:31 -0700
+
+gzip (1.2.4-13) stable frozen unstable; urgency=medium
+
+ * Fix missing "essential" flag on package, lost during standards update.
+ * Push this version back into stable to solve the 'compress' link problem.
+
+ -- Bdale Garbee <bdale@gag.com> Tue, 19 Nov 1996 09:14:14 -0700
+
+gzip (1.2.4-12) unstable; urgency=low
+
+ * New packag format.
+
+ -- Bdale Garbee <bdale@gag.com> Sat, 02 Nov 1996 14:47:42 -0800
+
+
+Thu Jul 18 01:30:22 MDT 1996 Bdale Garbee <bdale@gag.com>
+
+ * add zegrep and zfgrep links in /usr/bin (Bug#3326)
+ * add an extended description (Bug#3591)
+ * tweak control files to use dpkg-name, etc.
+
+Fri May 24 07:37:54 MDT 1996 Bdale Garbee <bdale@gag.com>
+
+ * don't provide a 'compress' link since it breaks things, but provide
+ an 'uncompress' link since it's useful.
+ * fix some administrivia
+
+Sun Apr 14 20:39:19 MDT 1996 Bdale Garbee <bdale@gag.com>
+
+ * change gzexe.in to not use BINDIR, but assume gzip is in PATH
+ * add Architecture field in the control file
+
+Wed Jan 17 00:07:00 MST 1996 Bdale Garbee <bdale@gag.com>
+
+ * switch targets in the Makefile to also install the links called
+ 'compress' and 'uncompress' since some utilities care about these,
+ and we're unlikely to ever have a 'compress' package because of the
+ intellectual property issues.
+
+Sat Dec 2 23:45:40 MST 1995 Bdale Garbee <bdale@gag.com>
+
+ * building for ELF
+ * add 'zless' as a near-clone of 'zmore', closes bug 1776
+ * unable to duplicate bug 1090, something has improved since then?
+ * add libc5 dependency
+ * new maintainer
+
# The : is required for some old versions of csh.
# On Ultrix, /bin/sh is too buggy, change the first line to: #!/bin/sh5
-x=`basename $0`
+x=`basename "$0"`
if test $# = 0; then
echo compress executables. original file foo is renamed to foo~
echo usage: ${x} [-d] files...
exit 1
fi
-tmp=gz$$
-trap "rm -f $tmp; exit 1" 1 2 3 5 10 13 15
-
decomp=0
res=0
test "$x" = "ungzexe" && decomp=1
shift
fi
-echo hi > zfoo1$$
-echo hi > zfoo2$$
-if test -z "`(${CPMOD-cpmod} zfoo1$$ zfoo2$$) 2>&1`"; then
- cpmod=${CPMOD-cpmod}
+cpmod=
+if type ${CPMOD:-cpmod} 2>/dev/null; then
+ cpmod=${CPMOD:-cpmod}
fi
-rm -f zfoo[12]$$
tail=""
IFS="${IFS= }"; saveifs="$IFS"; IFS="${IFS}:"
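Review bot: The new `type ${CPMOD:-cpmod} 2>/dev/null` test silences only stderr, so whenever the helper is found `type` prints its "… is /path" line on gzexe's stdout, and the expansion is left unquoted. I would write `if type "${CPMOD:-cpmod}" >/dev/null 2>&1; then`. The check now proves only that the command exists, whereas the removed probe ran it on two scratch files; that is a reasonable trade for no longer creating the predictable `zfoo1$$`/`zfoo2$$` files in the current directory. It deserves a comment such as `# existence check only: avoids predictable scratch files in the cwd`.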
continue
fi
case "`basename $i`" in
- gzip | tail | chmod | ln | sleep | rm)
+ bash | chmod | gzip | ln | mktemp | rm | sed | sh | tail)
echo "${x}: $i would depend on itself"; continue ;;
esac
+
+ tmp=`/bin/mktemp -t gzexe.XXXXXXXXXX` || exit 1
+ trap "rm -f $tmp; exit 1" HUP INT QUIT PIPE TERM
+ trap "rm -f $tmp; exit 0" EXIT
+
if test -z "$cpmod"; then
cp -p "$i" $tmp 2>/dev/null || cp "$i" $tmp
if test -w $tmp 2>/dev/null; then
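Review bot: The added `trap "rm -f $tmp; exit 0" EXIT` forces the exit status to 0, so from the second loop iteration on a failing `/bin/mktemp ... || exit 1` is reported as success. Any non-zero status the script ends with (the loop sets `res=1` on errors; the final exit is outside this hunk) is presumably lost the same way. Dropping the `exit` preserves the real status: `trap 'rm -f "$tmp"' EXIT`, with the signal trap as `trap 'rm -f "$tmp"; exit 1' HUP INT QUIT PIPE TERM`. Single quotes defer expansion until the trap fires and allow `$tmp` to be quoted, which matters because `mktemp -t` takes its directory from `TMPDIR`. The enclosing loop starts and ends outside the hunk.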
if test $decomp -eq 0; then
sed 1q $0 > $tmp
sed "s|^if tail|if $tail|" >> $tmp <<'EOF'
-skip=22
+skip=23
set -C
umask=`umask`
umask 77
-if tail +$skip $0 | "BINDIR"/gzip -cd > /tmp/gztmp$$; then
+tmpfile=$(tempfile -p gztmp -d /tmp)
+if tail +$skip $0 | /bin/gzip -cd >> $tmpfile; then
umask $umask
- /bin/chmod 700 /tmp/gztmp$$
+ /bin/chmod 700 $tmpfile
prog="`echo $0 | /bin/sed 's|^.*/||'`"
- if /bin/ln /tmp/gztmp$$ "/tmp/$prog" 2>/dev/null; then
- trap '/bin/rm -f /tmp/gztmp$$ "/tmp/$prog"; exit $res' 0
- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$ "/tmp/$prog") 2>/dev/null &
+ if /bin/ln $tmpfile "/tmp/$prog" 2>/dev/null; then
+ trap '/bin/rm -f $tmpfile "/tmp/$prog"; exit $res' 0
+ (/bin/sleep 5; /bin/rm -f $tmpfile "/tmp/$prog") 2>/dev/null &
/tmp/"$prog" ${1+"$@"}; res=$?
else
- trap '/bin/rm -f /tmp/gztmp$$; exit $res' 0
- (/bin/sleep 5; /bin/rm -f /tmp/gztmp$$) 2>/dev/null &
- /tmp/gztmp$$ ${1+"$@"}; res=$?
+ trap '/bin/rm -f $tmpfile; exit $res' 0
+ (/bin/sleep 5; /bin/rm -f $tmpfile) 2>/dev/null &
+ $tmpfile ${1+"$@"}; res=$?
fi
else
echo Cannot decompress $0; exit 1
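Review bot: The generated stub runs `tempfile` through `PATH` and never checks its result, while every other tool in the stub is called by absolute path (`/bin/gzip`, `/bin/chmod`, `/bin/ln`); the changelog's own reason for hard-coding `/bin/gzip` (PATH is unknown when the gzexe'd program runs) applies here as well. If `tempfile` is missing or fails, `$tmpfile` is empty and the error only surfaces at the unquoted `>> $tmpfile` redirection. I would keep the fix on one line so `skip=23` stays correct: `tmpfile=$(/bin/tempfile -p gztmp -d /tmp) || { echo Cannot create temporary file; exit 1; }` (debianutils ships it in /bin; confirm for the target release). Separately, `tempfile` is not in the "would depend on itself" list changed earlier in this patch, and `sleep` was removed from that list although the stub still runs `/bin/sleep 5`.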
:
else
echo ${x}: $i probably not in gzexe format, file unchanged.
+ rm -f $tmp
res=1
continue
fi